The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.
Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.
Wait, people were ever using biometric unlock?
Oh… oh… did the obviously inevitable thing that would happen under that paradigm… happen under that paradigm?
Wow, how surprising.
Handing out my fingerprint to a tech company has seemed like a really bad idea ever since that tech was introduced to smartphones. Never used it myself. I’ve just stuck to the pattern lock instead. And don’t even get me started on FaceID.
Tiktok’s new TOS explicitly states that by using the platform, you grant them a permanent license to use your face, for anything they want.
Training LLM models, selling your biometric data, anything.
People were right that it’s a form of invasive spyware, all corpo social media apps are, including dating apps obviously.
But uh, it’s ‘ours’ now, it’s our ‘panopticon in your pocket’ killer app, so… now it’s good or something.
A reminder if you restart your phone biometrics don’t work until you unlock it once with your code.
If you’re about to deal with police, turn off or restart your phone so it resets to a Before First Unlock state where your information is encrypted and biometrics do not work.
If your phone allows you to set an automatic restart, set that up.
GrapheneOS by default automatically reboots after 18 hours of not being successfully unlocked. Devices in the Before First Unlock state are effectively not able to be accessed by standard law enforcement solutions. It also lets you set a duress password that will immediately make the storage contents permanently inaccessible, delete the eSIM, and power off the device.
Good recommendations. Unfortunately the claim that phones in a BFU state are effectively inaccessible is not entirely true.
It’s more difficult than the alternative, but it’s possible in many cases. If law enforcement has your device, assume they can access everything on it. Oftentimes even things that were deleted.
If you press the lock button on your iPhone several times in a row, it will force the entry of a pin next time it starts.
Test it out, and learn how to do it quickly if the popo comes for you.
On my Pixel I can just hold the power button and click “Lockdown” on the menu and it will force the code.
iPhone users: Hold power and either volume up or down button for two seconds. It will lock and ask for your pin, regardless if you shut down the phone or not.
Learn how to do it quickly and blindly, with your phone in your pocket.
Also change the passcode type to alphanumeric even if you just use numbers. Makes it impossible for them to unlock it with that Mosad software. Though you probably need to make the passcode longer than 6 characters and add in a few letters. Like a 6 number passcode just takes days to crack. While a 12 character alphanumeric code takes thousands of years.
You don’t even need to do it multiple times. If you go into the power menu while it’s locked it requires it, so just power + vol up.
I haven’t done as much research on iPhones… does that put it back into a BFU state, or just not accept biometrics?
There is a difference if it doesn’t force it back into BFU state, not for say a patrol officer/agent on the field, but definitely if they’re trying to get into your phone later.
It just disables biometrics, so not a complete lockdown, but better than nothing.
If you want to do a better lockdown, you do the following, it takes longer however:
- Press Vol+
- Press Vol-
- Hold the lock button until you see the Apple logo
This will force a restart of the device and require the pin to be entered.
You can just hold the lock button and volume up until it prompts you to power off.
Or swipe down the control center and there’s a power icon in the top right.
Edit: Apparently that control center thing doesn’t work on my phone, but it used to.
Graphene can do two factor unlock which is nice.
explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it.
In other words, physical assault.
Legitimate law enforcement does every day what would be assault by anyone else. This isn’t wrong because it’s touching people, it’s wrong because the law enforcement agencies are illegitimate, so all uses of their power are illegitimate.
Find your device’s “lockdown” feature (disables fingerprint/face entry) and enable that in any potentially sketchy situation.
I don’t know how to trigger it on iOS, but my Pixel has the “lockdown” mode option on the same window as “shutdown” and “reboot”, which can be accessed at any time by briefly holding the power button.
Wouldn’t it be better to just turn the phone off? Seems like it’s about the same amount of effort, and it won’t have anything unencrypted in RAM any more.
It’s already on the same screen, both on Android and iOS, so of course it is much better, and not less convenient, to shut down instead.
I can’t think of any reason not to, besides “I might want to unlock it real quick”, which is exactly what you’re preventing in this scenario.
On iOS, you can press the power button five times in a row or hold the power button and volume up button together. Either one of those disables biometric login.
Of course, you need to know that you need to do that and have the chance to do so.
You only need a second or two of warning to disable the biometrics - it’s not as good as BFU state, but it’s better than nothing for sure.
This assumes you have the time to activate it. If someone comes up and snatches your phone before you have time to activate it, it’s useless. Just don’t use biometrics at all.
Yes, it requires some proactive forethought.
Ya that’s great but also if you power off your phone, you can’t use biometrics once it boots up for the first unlock. If you have time to shut it off first, that is.
Any serious justice system would not accept illegally obtained evidence like this
Eh, I get what you mean, but let me explain how it works in Sweden.
Our courts practice something called “fri bevisprövning”, this means that no evidence can be declared unusable, and can be used in court, obviously the evidence has to be documented and validated as being real, but the manner of how it was collected does not matter.
Now, if it was collected in an illegal way, that illegal act is a different case altogether.
To be frank it makes a lot of sense, it stops procedural issues from denying the use of evidence, while punishing the illegal act used to collect it.
Now, I know the US has good reasons for the laws they use regarding evidence, I just disagree that it is the only way to do it.
Biometrics are a username, not a password.
Except passkeys are replacing passwords, and a lot of people use their fingerprint as the passkey. It’s nowhere near as common to use a physical key like a Yubikey.
Who are you?
The person who this finger belonged to.
Cool. Come on in.
Something you have, something you know, something you are.







